Scenario

One of those moments again where the search engine did not turn up information which I need. So I hope this article will be helpful to someone out there.

It seems that environment variables in Apache are not being treated equally when SetEnv, SetEnvIf and RewriteRule directives are used. In my case, I want to limit access based on query string but SetEnvIf does not have that attribute to test against. RewriteRule creates an environment variable that is not accessible by Allow/Deny directive (Possibly because Allow/Deny are evaluated before RewriteRule). It makes things complicated when you are going to use environment variables to limit access but it does not work as expected.

Unfortunately, I do not have a solution for you but I hope this information will save you countless hours researching a solution that never exists. But if you do have one, please let me know as I would love to hear from you.

.htaccess Test Configuration

You can skip this part actually. But if you are interested in how the test is done, you can continue reading.

As you may already be aware, Autorun is one of the malware infection means in Windows. I have been searching for the best way to disable Autorun that could really give me a peace of mind and have come across this article.

Some background

You can skip this part actually. But if you are interested in some technical details, you can continue reading. This post is written based on Windows XP but it should also work for other NT family of operating systems such as Windows 2000, Windows Vista, etc. Henceforth, any reference to Windows means Windows XP.

In Windows, .ini files are now mapped to the Registry. What really happened is whenever a x.ini file is referenced, it will look up the corresponding x.ini in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping. It seems .inf works in the same way too.

If you read through the Microsoft documentation, you find an interesting symbol “@” used in the value. What it does is it prevents any reads from going to the .ini file on disk if the requested data is not found in the Registry. Now we are all set for the solution.

The solution

Create a Registry file DisableAutorun.reg with the following content and double-click on the newly created file to import the setting. That’s it.

Scenario

It has been that situation again when I have spent a whole day trying to research and figure out the solution to a problem that has bugged me. Hopefully this will save researching time for people having the same issue.

If you, like me, are trying to get cURL, or rather, plugin such as WordPress OpenID (which uses PHP libcurl) to work with HTTPS sites that use self-signed certificates but do not wish to compromise the security by disabling CURLOPT_SSL_VERIFYPEER and/or CURLOPT_SSL_VERIFYHOST option in the code, the following might be the answer for you.

Some background

You can skip this part actually. But if you are interested in some technical details, you can continue reading. This post is written on the assumption that Ubuntu Linux is used. It should apply to other distros as well with minor differences.

When we are using cURL to retrieve a HTTPS site that is not using a CA-signed certificate, the following problem occurs. Of course, this can simply be overcome by using the -k option.

root@ubuntu:/etc# curl https://example.selfip.com
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

However, in the case of applications such as WordPress OpenID plugin, we have to amend the code to disable both CURLOPT_SSL_VERIFYPEER and/or CURLOPT_SSL_VERIFYHOST. Not a very good idea as this will disable verification for authentic sites as well. If we know example.selfip.com, in this case is one of our own trusted test servers, we can add its certificate to the trusted list.

Now that we know what to do, we have to find out how to do it. It took me quite a while to look for the solution as I was looking in the wrong places. WordPress OpenID and cURL documentations/forums did not point me in the right direction. I decided to take a look at the source code in cURL and discover that ultimately, the responsibility of the verification lies with OpenSSL.

Arm with this and some right keyword searching, it has led me to this HOWTO, which provided some insight on how OpenSSL recognizes certificate authorities, and an important program. Right now, we are all set to add the new certificate so that our OpenSSL can recognize the HTTPS server.

The solution

Identify which directory your OpenSSL installation uses.

root@ubuntu:~# openssl version -d
OPENSSLDIR: "/usr/lib/ssl"

Change to that directory.

root@ubuntu:~# cd /usr/lib/ssl

List the directory contents. You should see a directory called “certs”.

-------------------------------------------------------------------------------
GNU nano 2.0.9 File: ca-certificates.conf
# This file lists certificates that you wish to use or to ignore to be
# installed in /etc/ssl/certs.
# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
#
# This is autogenerated by dpkg-reconfigure ca-certificates.
# Certificates should be installed under /usr/share/ca-certificates
# and files with extension '.crt' is recognized as available certs.
#
# line begins with # is comment.
# line begins with ! is certificate filename to be deselected.
#
example.selfip.com.crt
brasil.gov.br/brasil.gov.br.crt
cacert.org/cacert.org.crt
cacert.org/class3.crt
.
.
.
-------------------------------------------------------------------------------

Execute the program “update-ca-certificates –fresh”.Note: You might like to backup /etc/ssl/certs before executing the command.

Scenario

Assuming your application is running smoothly and all of the HeadX (Refers to HeadLink, HeadMeta, HeadScript, HeadStyle and HeadTitle collectively) have been setup. Suddenly, an exception occurs and your ErrorController has been activated.

You need to use the HeadX to render your error page but those HeadX needs to be cleared of all the previous unwanted setup before we can start using them to render the page. Somehow, there is no clear-related method in the HeadX to do this simply. If this situation, or somewhat related, applies to you, maybe the following article is for you.

Some background

You can skip this part actually. But if you are interested in the technical details, you can continue reading. This post is written based on Zend Framework v1.7.4.

Zend_View_Helper_Placeholder_Container_Standalone class

If you were to open up the Zend/View/Helper/HeadX.php, you will find that those classes actually extend Zend_View_Helper_Placeholder_Container_Standalone class (We shall term it as Standalone class from now on).

$_registry: This variable holds a reference to an instance of Zend_View_Helper_Placeholder_Registry class, which is sort of a Singleton using Zend_Registry.

$_regKey: This variable is overridden by each of the respective HeadX classes and is assigned a unique key, in this case, the class name itself. You can open up the individual Zend/View/Helper/HeadX.php to find this key.

I have extracted the relevant code from the Standalone class as follows. As you can see with reference to the above mentioned protected variables, the methods are actually quite simple and the important method here is __construct. It is using a common placeholder registry to obtain a container reference for the respective HeadX class that we are using.

Using HeadLink as an example, you will find $_regKey is assigned with the key ‘Zend_View_Helper_HeadLink’ in Zend/View/Helper/HeadLink.php. Essentially, this key will retrieve a unique common container reference purely used by the HeadLink class.

Zend_View_Helper_Placeholder_Container class

At this point, we now know placeholder registry is the central repository for the containers and Standalone class retrieves the reference from it. We also know that the container is an instance of Zend_View_Helper_Placeholder_Container class, which exposes methods from both it’s _Abstrast parent class and ArrayObject class.

If you were to open up the Zend/View/Helper/HeadX.php files, you will find that operations (such as append, prepend) on the container, returned by getContainer method, is performed using methods exposed by Zend_View_Helper_Placeholder_Container class.

However, inside Zend/View/Helper/HeadTitle.php, you will find that it did not use getContainer method at all and we are able to call set, append and prepend on the instance of Standalone class itself, which does not have those methods. The trick to this is the following __call method in the Standalone class, which indirectly exposes container methods as well.

So with the above __call method, calling set, append and prepend methods, which does not exist in Standalone class, will automatically route to the container inside. This will mean that all methods expose by Zend_View_Helper_Placeholder_Container_Abstract and ArrayObject can be invoked on Standalone class itself.

The solution

If you follow the technical stuff above, you will understand that the ArrayObject methods are exposed on the HeadX classes as well. So to clear/reset HeadX, we just need the following line in .phtml file. It’s just that simple. :)

$this->headX()->exchangeArray(array())

You might like to read up on a related post on clearing ArrayObject for more information.

As usual, if you have any comments or if there is any better way of doing this, remember to share them with me.

There wasn’t much information available on the Internet by keyword searching on how to do clearing/deleting/removing operations on PHP ArrayObject class so I decided to contribute a small post on this topic and hopefully it will save some time for people researching on it.

As of 7 February 2009, the PHP: ArrayObject – Manual did not document two very important methods in the class: exchangeArray() and getArrayCopy(). So I do agree with some post I came across that ArrayObject in not very well documented and the methods should be included there.

Sunstorm Labs Blog has actually written a very interesting article on the topic of ArrayObject so you might like to read it up. Some foundation here is actually based on that article and we will just concentrate on the operations mentioned in the title.

exchangeArray() and getArrayCopy() methods

You can’t really apply array functions directly on the ArrayObject instance. In order to use them, you need to do it as follows.

In Part 1, we are able to split the content into parts and apply decorators on them separately. This can be achieved by using the following classes. I guess the render method of each class pretty much sums up what they do so I will not explain further.

To use them, you just need to put these three classes into a folder App/Form/Decorator. You need to add this folder to the include_path similar to what you did for Zend library. Remember to enable autoloading using the Zend_Loader class. Other information can be found in the class remarks.

If there is any optimization or bug, please feel free to point them out so that I can update my copy as well.

Oh… One more thing, you can also used the same concept to create decorator that does formatting, such as indentation, of the rendered content if you haven’t thought of that.